Aadhaar authentication service crashes as SMS regulation wipes out OTPs
A breakdown in Aadhaar authentication through one-time passwords (OTPs) has followed the implementation of the second phase of SMS regulations by telecom providers in India, according to Scroll.
The Telecom Regulatory Authority of India (TRAI) was forced to step in a day later, Money Control reports, after the process for verifying the content of every SMS from a registered source, or “scrubbing” messages, caused close to half of SMS traffic to be dropped, an executive at a telemarketing firm told a local media outlet.
The measures were put in place to stop spam and fraudulent messages, and were carried out under the Telecom Commercial Communication Customer Preference Regulation (TCCCPR), which involves the use of a blockchain solution to verify commercial SMSs come from the source they are registered by. The regulation was suspended by the TRAI
OTPs from banks and ecommerce companies to complete payments were gong undelivered, and the Aadhar authentication service crashed.
A cybersecurity expert told The Quint that the distributed ledger technology companies involved should have trialed the changes with promotional SMSs, before moving on to transactional ones.
The disruption of OTPs for Aadhaar authentication and payments also carries an increase in fraud risk, Rajshekhar Rajaharia pointed out, as the messages provide warning to legitimate account holders of payments processed without their knowledge.
Money Control reports speculation that the suspension of the regulation could last seven days.
With Aadhaar biometrics and OTPs linked to ever-more services, the reliability of the system is becoming increasingly critical for a growing number of Indians.